Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8333892

MemorySegment::reinterpret removes read-only property

XMLWordPrintable

    • Icon: CSR CSR
    • Resolution: Approved
    • Icon: P3 P3
    • 23, 24
    • core-libs
    • None
    • behavioral
    • low
    • Hide
      Clients that relied on implicit conversion from read-only segments to writable segments via `reinterpret` will now see read-only segments being returned.

      It is still possible to turn a read-only segment into a writable segment via the `MemorySegment::ofAddress` method. This could be used as an escape hatch for clients previously relying on the faulty behavior of `reinterpret`
      Show
      Clients that relied on implicit conversion from read-only segments to writable segments via `reinterpret` will now see read-only segments being returned. It is still possible to turn a read-only segment into a writable segment via the `MemorySegment::ofAddress` method. This could be used as an escape hatch for clients previously relying on the faulty behavior of `reinterpret`
    • SE

      Summary

      The MemorySegment::reinterpret overloads shall retain the read-only state from the original segment. Currently, this is not the case.

      Problem

      It is possible to "crack open" a read-only segment by reinterpretation. This was not intended by the API designers and is a flaw.

      Solution

      Retain the read-only state for reinterpreted segments.

      Specification

      diff --git a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java
index 6c75c0385fa78..0318310e09f69 100644
--- a/src/java.base/share/classes/java/lang/foreign/MemorySegment.java
+++ b/src/java.base/share/classes/java/lang/foreign/MemorySegment.java
@@ -706,6 +718,10 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
     /**
      * Returns a new memory segment that has the same address and scope as this segment,
      * but with the provided size.
+     * 
      
+     * If this segment is {@linkplain MemorySegment#isReadOnly() read-only},
+     * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}.
+     *
      *
      * @param newSize the size of the returned segment
      * @return a new memory segment that has the same address and scope as
@@ -741,6 +757,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
      * That is, the cleanup action receives a segment that is associated with the global
      * scope, and is accessible from any thread. The size of the segment accepted by the
      * cleanup action is {@link #byteSize()}.
+     * 
      
+     * If this segment is {@linkplain MemorySegment#isReadOnly() read-only},
+     * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}.
      *
      * @apiNote The cleanup action (if present) should take care not to leak the received
      *          segment to external clients that might access the segment after its
@@ -786,6 +805,9 @@ public sealed interface MemorySegment permits AbstractMemorySegmentImpl {
      * That is, the cleanup action receives a segment that is associated with the global
      * scope, and is accessible from any thread. The size of the segment accepted by the
      * cleanup action is {@code newSize}.
+     * 
      
+     * If this segment is {@linkplain MemorySegment#isReadOnly() read-only},
+     * the returned segment is also {@linkplain MemorySegment#isReadOnly() read-only}.
      *
      * @apiNote The cleanup action (if present) should take care not to leak the received
      *          segment to external clients that might access the segment after its

            pminborg Per-Ake Minborg
            jvernee Jorn Vernee
            Jorn Vernee
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: